Regulatory compliance is a second line activity. It is good practice for internal audit to provide assurance over the activities of second line functions. However, in some organisations internal audit may be required to provide compliance assurance in relation to first line activities.
Regulation is a vast, wide-ranging topic.
The guidance and resources on this page should be considered a starting point for your learning journey.
IPPF links | Guidance | Additional resources | Relevant position papers
Data Protection | A-Z
Core Principles: 3. Is objective and free from undue influence (independent). |
2050 Coordination and reliance | Implementation guidance |
2130 Control | Implementation guidance |
Chartered IIA | ||
Control (2021) | ||
IIA Global | ||
Auditing the control environment (2011) | Transformation and internal controls (2022) |
Chartered IIA | ||
Data protection (2019) | Key changes in the new GDPR (2019) | GDPR as BAU: processes in place? (2018) |
Data breach incidents and response plans (2015) | ||
IIA Global | ||
Tips for auditing data privacy (2020) | ||
Data ethics (2019) |
Chartered IIA | ||
Anti-money laundering (2019) | Bribery Act 2010 (2010) | Bribery Act: adequate procedures (2017) |
Deprivation of Liberty Safeguards (2021) | Digital accessibility regulations (2021) | Gender pay (2020) |
Health and safety (2020) | Corporate killing (2008) | European sustainability reporting standards (2023) |
Human rights reporting (2017) | IR35 (2022) | Modern Slavery Act 2015 (2015) |
Prompt payment code (2022) | Safeguarding (2021) | Sanctions (2022) |
Slavery and human trafficking (2017) | ||
IIA Global | ||
Human Trafficking and Slavery (2019) |
Codes of practice | financial services, private and third sector
Internal audit and corrupt practices (2017)